IAM Flashcards
What does IAM stand for?
Identity Access Management
What is the role of IAM?
To control who is authenticated (signed in) and authorised (has permissions) to use resources
What is an IAM user?
End users: people, employees, etc.
What is an IAM group?
A collection of users
What are IAM policies?
A collection of documents in JSON format
What is the role of IAM policies?
To give permissions to what each user/group/role is able to do
What is the role of an IAM group?
To set permissions for users within the group to inherit
What are the features of IAM? (10)
- Centralised control
- Shared access
- Granular permissions
- Identity federation
- Multi-factor authentication
- Temporary access
- Customisable password rotation policy
- AWS service integration
- PCI DSS compliance (credit card details)
- Eventually consistent
What is the benefit of shared access in IAM?
Other people can gain permission to administer or use resources in your AWS account without having to share your password or access key
What are the properties of your initial sign-in identity under IAM? (3)
- You begin with a single sign-in identity
- This identity is called the root user
- The root user has complete access to all AWS services and resources in the account
What are the properties of newly created users? (2)
- Have no permissions
- Are assigned an access key ID and secret access key
What are access key IDs and secret access keys used for? (2)
- To access AWS via APIs and the command line
- Cannot be used to log into the console
What happens if you lose your access key IDs and secret access keys? (2)
- Must regenerate them
- You can only view your access key IDs and secret access keys once
What is the benefit of identity federation in IAM? (2)
- Allows users who already have passwords elsewhere to get temporary access to your AWS account
- Does not create an IAM user
What is the benefit of multi-factor authentication in IAM?
Requires users to prove physical possession of a hardware MFA token or MFA-enabled mobile device by providing a valid MFA code